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TITLE OF THE INVENTION 
SECURE REMOTE SERVICING OF A COMPUTER 
5 SYSTEM OVER A COMPUTER NETWORK 



CROSS REFERENCE TO RELATED APPLICATIONS 
This application claims priority of U.S. Provisional 
Patent Application No. 60/160,985, filed October 22, 1999, 
10 the disclosure of which is hereby incorporated by reference. 



15 



STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR 

DEVELOPMENT 
N/A 



BACKGROUND OF THE INVENTION 
This invention relates to the servicing of computer 
systems, and more specifically to the secure servicing of 
remote computer systems and network appliances. 

20 The servicing of computer systems encompasses the 

processes and methods by which the proper operation and 
maintenance of computer systems are ensured. Servicing can 
be used to detect and correct problems prior to serious 
failures, or to restore computer system operation when the 

25 proper functioning of the system has been compromised. 

With an ever expanding use of computer systems in the 
commercial sector, many businesses find outsourcing the 
servicing of their computing investments a cost effective 
alternative to maintaining and managing an internal support 

30 staff. However, implicit in the contracting of third party 
support has been the cost of support personnel travelling to 
the contracting party's site to perform such servicing. 
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Further, there is often a delay in the provision of such 
service, particularly when the contracting party is located 
in a location remote from significant centers of commerce. 
While it may be possible for a contracting party to request 
5 expedited on-site support when needed, such a request 
typically comes at an increased cost. 

The wide scale use of computer networks such as the 
Internet has not yet been leveraged as an effective tool for 
the servicing of computer systems. Today, the Internet's 

10 role is relegated to being the conduit by which problem 
reports are entered and tracked by system administrators. 
In most cases, such problem reports provide only the 
symptoms or consequences of a problem; service professionals 
must still obtain additional information in order to provide 

15 an effective resolution. Access to this additional 

information typically occurs in one of three ways: over the 
phone with remote service professionals instructing system 
administrators with commands to run various directives and 
to report verbally on their outcome; through email exchanges 

20 between the service professional and the system 
administrator; or by on-site staffing or visitation by 
service professionals. The former two have historically 
provided a slow problem resolution time due to the need for 
information to pass through an intermediary, the system 

25 administrator. The information relayed to the service 
personnel may also be incomplete or improperly 
characterized. The latter approach clearly enables rapid 
resolution, but can be significantly more expensive than the 
other methods. 

30 It would therefore be preferable to enable a system for 

supporting secure computer networks that combines the 
beneficial aspects of these prior art approaches. 
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Specif ically, such a support system would preferably have 
the following three characteristics. 

First, the system must be interact ive, such that the 
service professional is capable of directly interrogating or 
5 commanding the computer system to be maintained and of 
receiving a direct , substantially immediate response. The 
service professional should have the ability to download 
patches and make changes to the target system in order to 
restore compromised function as rapidly as possible. 

10 Second, this interactive access to the target system 

must be capable of being provided remotely in order to 
obviate the need for as-needed or permanent on-site support. 
The service professional must have the ability to access the 
system being serviced from any location having access to the 

15 Internet or other appropriately configured data network. 

Third, the facility for providing service personnel 
with remote access must be secure. Only authorized service 
personnel should have access to the target computer system. 
Further, all data exchanges between the service personnel 

20 and the target system should be encrypted to prevent 
electronic eavesdropping or "snooping" by third parties. 
Encryption also serves to frustrate attempts by third 
parties to inject false directives to the target system or 
to submit false data to the service personnel. 

25 The Internet provides the communications vehicle by 

which businesses all over the world are connected. Layered 
protocols such as Hypertext Transport Protocol (HTTP) 
support interactive exchanges over the Internet. It is 
necessary for businesses to tightly control which, if any, 

30 parts of their internal computer networks are accessible to 
computer users outside such internal networks. This is 
often accomplished through the use of firewall technology 
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which segment an enterprise's networks such that internal 
networks are not accessible to unauthorized personnel 
including users of other networks such as the Internet. To 
this end, firewalls examine data packet identifiers in 
5 deciding which are allowed to pass the boundary between 
internal and external networks. 

However, necessary security provisions including 
firewalls represent an obstacle to realizing a secure, 
remote network support system. For instance, an attempt to 

10 send a request other than a mail message to a firewall- 
protected network will normally fail. The only systems 
which are accessible by external access are corporate web 
servers which are often resident outside the firewall. 

The most common remote management solution in use at 

15 present is Secure Shell (SSH) which allows encrypted, remote 
login over the Internet. The system allowing remote login 
must manage all access control; improper configuration of 
such a system could expose the protected systems to a 
security risk. In addition, firewalls between the Internet 

20 and a system to be supported must be configured to allow a 
port specific to SSH to be passed through, which some 
administrators are reluctant to do. 



BRIEF SUMMARY OF THE INVENTION 
25 The presently disclosed remote servicing of a secure 

computer system employs an intermediate network entity 
accessible to both a remote service provider and to an agent 
running on the target computer system to be serviced. Such 
servicing may be referred to as Secure Servicing Technology 
30 (SST) . 

A service professional's computer runs a Service 
Manager (SM) software module, while the system being managed 
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or serviced runs a Secure Service Agent (SSA) software 
module . 

A Secure Service Intermediary (SSI) software module 
runs on the intermediate network entity such as a computer 
5 system accessible to both the SM and the SSA. This mutually 
accessible system may be located outside firewalls 
protecting the system to be maintained or inside such 
firewalls configured to allow selected access. In addition, 
the mutually accessible system is configured with all of the 

10 safeguards of computer systems currently supporting e- 
commerce, including encrypted connections. 

Access to the intermediate network entity is limited to 
access over secure access protocols, and then only after 
proper authentication and authorization. The SM, using 

15 secure access protocols, connects to the SSI, and after 
authentication authorizes itself to perform directives on 
the SSA. A directive may be any command or executable which 
the SM requests to be executed on the SSA. Once so 
authorized, the SM passes a directive via standard HTTP to a 

20 CGI process spawned by the SSI. The CGI establishes whether 
a secure connection exists between the SSI and the target 
SSA. If so, the CGI process passes the directive to the 
SSI, which in turn passes the directive to the SSA using 
secure access protocols. The SSA then executes the 

25 directive. Meanwhile both the SSI and the CGI process 
block, or enter an idle state, until a valid response is 
returned from the SSA to the SSI. The SSI passes the 
response to the CGI, which in turn provides it to the SM for 
analysis by the service professional. 

30 This flexible architecture has application to a broad 

range of networked computer systems requiring interactive, 
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secure data exchange over a distributed network such as the 
Internet . 

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING 
5 Fig. 1 is a block diagram of one embodiment of a remote 

support system for a secure computer system according to the 
present invention; 

Fig. 2 is a block diagram of one embodiment of software 
modules which are executed by the secure computer system of 
10 Fig. 1; 

Fig. 3 is a flow diagram illustrating the establishment 
of secure communications between a secure service agent 
running on a computer system to be serviced and a secure 
service intermediary; and 

15 Fig. 4 is a flow diagram illustrating the establishment 

of secure communications between a remote service manager 
and a secure service intermediary, as well as the 
transmission of service directives from the service manager 
to the secure service agent via the secure service 

20 intermediary and the return of resulting data from the 
secure service agent to the service manager via the secure 
service intermediary. 

DETAILED DESCRIPTION OF THE INVENTION 
25 The present system 10 for remotely supporting or 

servicing secure computer systems 14 enables a service 
professional to maintain a computer system anywhere in the 
world. 

With reference to Figs. 1 and 2, the service 
30 professional employs a computer system running a service 
manager (SM) module 12. In a first embodiment, the SM is an 
Internet browser 32 such as NETSCAPE NAVIGATOR. The service 
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professional employs the SM 12 to send service directives to 
and to receive the results of executed service directives 
from a secure service intermediary (SSI) 16. The data 
pathway between the SM 12 and the SSI 16 is the Internet in 
5 a first embodiment, with world-wide interconnectivity 
enabling remote access for a service professional from 
practically any location. However, in alternative 

embodiments, dedicated or limited access computer networks 
are utilized. 

10 In a first embodiment, the SSI 16 is realized by a web 

server 34 which supports secure sockets layer (SSL) , such as 
APACHE of Apache Micro Peripherals, Inc. SSL is a protocol 
developed by Netscape Communications Corporation for 
transmitting private documents or data via the Internet. 

15 SSL works by using a private key to encrypt data that is 
transferred over the SSL connection. 

Much of the functionality of the SSI 16 is implemented 
in common gateway interfaces (CGI) 36. CGI is a standard 
for external gateway programs which interface with 

20 information servers such as World Wide Web servers. A CGI 
program is also any program designed to accept and return 
data that conforms to the CGI specification . The program 
can be written in any programming language, including C, 
Perl, Java, or Visual Basic. CGI programs are the most 

2 5 common way for web serves to interact dynamically with 
users . 

The SSI 16 is also comprised of a parent intermediary 
daemon process 38. A daemon process is a software process 
that runs in the background and performs a specified 
30 operation. This parent intermediary daemon process 38 is 
responsible for conveying directives received from the SM 12 
to the SSA 18, as will be described below. In addition, the 
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parent intermediary daemon process 38 is responsible for 
conveying results from one or more SSA-executed directives 
to the appropriate SM 12, as will be discussed in the 
following. 

5 Service personnel ("the user" ) can connect to the SSI 

16 via the Internet 28 by entering the appropriate universal 
resource locator (URL) into the SM browser 32. Once 
connected, the user is requested to enter his or her name 
and password such that a CGI process 36 of the SSI 16 can 

10 authenticate the identity of the user and ensure that the 
user is an authorized user of the SSI system 16. All 
network (i.e. Internet) transactions between the SM browser 
32 and the SSI web server 34 use SSL encryption for complete 
protection of passwords and data. 

15 Once authorized, the user selects which secure computer 

system 14 ("target system") they wish to perform a service 
management directive on. The user is then presented with a 
web-based interface that allows them to query and perform 
actions on the selected system to be supported 14 via a 

20 secure service agent (SSA) 18. 

The SSA 18 is implemented as a software module capable 
of executing various commands or executables on the target 
system (s) to be serviced 14. In a preferred embodiment, the 
SSA 18 is implemented as a parent agent daemon process 44. 

25 When the SSA 18 is initiated, the parent agent daemon 
process 44 establishes a secure connection to the SSI 16 
parent intermediary daemon process 38. 

When a directive for execution by one of the target 
systems 14 has been received over this secure connection, 

30 the parent agent daemon process 4 4 spawns a respective child 
agent daemon process 46. This child agent daemon process 4 6 
carries out the execution of the directive and returns any 
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results to the parent agent daemon process 44. These daemon 
programs 44, 46 are written in the C programming language in 
a first embodiment. 

As the user selects a service or maintenance operation, 
5 a CGI program 36 on the SSI 16 determines whether a valid, 
secure connection has been established between an child 
intermediary daemon process 4 0 and the parent agent daemon 
process 44. If such a connection exists, the SSI CGI 
process 36 makes a connection to the this child intermediary 

10 daemon process 38 and passes the directive received from the 
SM 12 to this child intermediary daemon process 40. The 
child intermediary daemon process 4 0 receives the directive 
and sends it over the secure connection to the parent agent 
daemon process 44 on the SSA 18. Having transferred the 

15 directive to the SSA 18, both the CGI process 36 and the 
child intermediary daemon process 40 block, or enter an idle 
state, pending receipt of results from the execution of the 
directive by the target system 14. 

Meanwhile, if the user issues another directive to the 

20 SSI 16, the SSI 16 spawns a new CGI process 36 to receive 
the directive. The new directive is then transferred by 
this new CGI process 36 to the child intermediary daemon 
process 40 which is already in communication with the 
respective SSA 18 processes. This child intermediary daemon 

25 process 40 then forwards the new directive to the parent 
agent daemon process 44, which in turn spawns a new child 
agent daemon process 4 6 for executing the directive on the 
target system and which returns the results in the same 
fashion as previously described. Thus, several users and/or 

30 directives can be passed to the SSI 16 and on to the SSA 18 
at the same time. A single connection between the SSI 16 
child intermediary daemon process 40 and the parent agent 
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daemon process 44 is capable of supporting multiple users 
and/or simultaneous directives. 

Once a parent agent daemon process 44 on an SSA 18 
associated with a target system to be maintained 14 is 
5 started or initiated and the communications channel with the 
respective child intermediary daemon 40 process has been 
established, the parent agent intermediary process 44 blocks 
pending receipt of a directive to be executed on one of the 
target systems 14 associated with that SSA 18. If such a 

10 directive is received, the parent agent daemon process 44 
spawns a respective child agent daemon process 4 6 which will 
remain in communication with the parent agent daemon process 
44 until all results from the executed directive have been 
returned to the SSI 16. Once this occurs, the child agent 

15 daemon process 4 6 exits. Each of these daemon processes 38, 
40, 4, 46 block, or remain in an idle state, until they are 
needed to either receive or send data. 

As with the SM browser 32, the connection from the SSA 
18 to the SSI 16 uses hypertext transfer protocol (HTTP) 

20 over SSL. In a first embodiment, the data network between 
the SSA 18 and the SSI 16 is the Internet 28, though other 
networks are employed in further embodiments. HTTP, the 
underlying protocol used by the World Wide Web, defines how 
messages are formatted and transmitted, and what actions Web 

25 servers and browsers should take in response to various 
commands. Also as with the SM browser 32, the identity of 
the SSA 18 is authenticated by the SSI 16 parent 
intermediary daemon process 38. A firewall 22 separating 
the SSI 16 and the systems to be serviced 14 is configured 

30 in order to allow selective access to the SSI 16 by the SSA 
18. Any attempt to transmit directives from external 
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devices directly to the SSA 18 (other than through the SSI 
16 as described above) is prevented. 

Once connected to and authenticated by the SSI 16 
daemon process at startup, the SSA 18 daemon 44 blocks, and 
5 receives directives from and sends results to the SSI 16 
daemon process over the valid SSL connection. Once the SSI 
16 child intermediary daemon process 40 acknowledges a 
response from the respective agent process 44, the SSI child 
intermediary daemon process 4 0 becomes unblocked. The 

10 response from the agent daemon 44 is received by the 
respective child intermediary daemon process 40, then sent 
over the valid connection to the SSI CGI process 36, which 
in turn sends the results to the SM 12 web browser 32 for 
display to the user. 

15 As noted, all communications between the SM 12, SSI 16 

and SSA 18 employ HTTP over SSL. Thus, all data is 
encrypted end to end, and the SSI is authenticated using 
digital certificates each time a new SSA 18 makes an initial 
connection. Additionally, user identity and password 

20 information are validated by the SSI 16 with each directive 
or directive response. 

An optional firewall 20 is provided between the SM 12 
and the SSI 16. In this embodiment, the firewall 20 is 
configured to allow selected access by each of the SM 12 to 

25 the SSI 16 according to methods known to one skilled in the 
art . 

With reference to Fig. 3, the process by which the SSA 
18 receives directives from the SSI 16 is illustrated. For 
purposes of this illustration, the SSA 18 may be referred to 
30 as "the Agent" and the SSI 16 may be referred to as "the 
Intermediary" or "the web server." 
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Depending upon the prior state of the system to be 
managed or serviced 14, the parent agent daemon process 44 
of the Agent 18 is initiated (100) , and authentication 
information is provided, either manually or by reference to 
5 a secure configuration file (102) . Upon initial receipt of 
contact by the parent agent daemon process 44 (104), the 
parent intermediary daemon process 38 responds to the Agent 
18 with a digital certificate (106) . This enables the 
parent agent daemon process 44 to authenticate the 

10 Intermediary 16 (108) . 

Once authenticated, the Intermediary 16 receives a 
site-specific password from the Agent 18 (110) . This 
password is stored in a secure or protected database in the 
Intermediary 16 (112) for later use in authenticating a user 

15 attempting to provide the Agent 18 with directives via the 
Intermediary 16. In one embodiment, the validity of the 
transferred password has a discrete lifetime. Thus, the 
password may be stored in the secure database of the 
Intermediary along with a time-stamp. 

20 The parent intermediary daemon process 38 also spawns a 

child intermediary daemon process 40 in response to the 
establishment of a valid connection between the Intermediary 
16 and the Agent 18. This child intermediary daemon process 
40 will remain in existence as long as the valid connection 

25 exists between the Intermediary 16 and the Agent 18. Once 
spawned, the child intermediary daemon process 40, and the 
parent agent daemon process 44, block, receive or send 
(114a, 114b), depending upon whether a directive exists for 
transfer from the Intermediary 16 to the respective Agent 18 

30 or whether directive results exist for transfer from the 
respective Agent 18 to the Manager 12 via the Intermediary 
16. 
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With reference to Fig. 4, one process by which a 
directive is defined by the Manager 12 and is responded to 
by the Agent 18 is illustrated. First, a service 

professional, referred to as a "user/ 7 opens a web browser 
5 32 using the Manager 12 (200) . Once the browser has been 
initiated, the user provides the browser with the URL of a 
login page in the Intermediary 16 web server 34 (202), 
resulting in the browser 32 sending a connect request to the 
web server 34 of the Intermediary 16 (204) . 

10 The web server 34 responds to the connect request by 

returning a digital certificate to the Manager 12 (206) , 
which the Manager 12 uses to authenticate the Intermediary 
16 (208) . The web browser 32 spawns a CGI process in the 
Manager 12 for this purpose. If successful, the Manager 12 

15 requests and receives a login page from the Intermediary 16 
web server 34 (210, 212) . The user provides his/her account 
name and password to the Intermediary 16 through this page 
and an associated CGI process (214), and the web server 34 
spawns a CGI process for receiving this information and for 

20 authorizing the user via another Manager CGI process (216) . 
Both the Manager 12 and Intermediary 16 have now been 
authenticated (218) . 

Next, the user enters a URL into the browser 32 which 
results in the Intermediary 16 spawning a CGI process which 

25 references an Intermediary 16 database (not illustrated) to 
establish which Agents 18 are active, and of those, which 
the user is authorized to access (220, 222) . A list of 
user-accessible Agents 18 is provided to the Manager 12 
browser 32 for user selection (222, 224), and the user's 

30 selection is uploaded to the Intermediary 16 via a CGI 
process (226) . 
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In response to receipt of the Agent identifier, the 
Intermediary 16 web server 34 spawns a CGI process that 
requests from the user the site-specific password previously 
stored in the protected database of the Intermediary 16 
5 (228, 110, 112) . The user enters the password via the web 
browser 32 and another CGI process (230) . Following 
Intermediary CGI authorization of the user based on the 
entered password (232), the web server 32 spawns a CGI 
process for enabling the user to define directives for 

10 execution by the Agent (234) . 

In response to the authorization confirmation by the 
Intermediary 16, the user enters into the Manager browser 32 
a directive that he/she wants to have executed by the Agent 
18 (234) . This directive request is then uploaded to the 

15 Intermediary web server 34 (236) , which spawns a CGI process 
36 (238) for confirming that a valid SSL connection between 
the child intermediary daemon process 4 0 and the parent 
agent daemon process 44 has been established. If such a 
valid connection exists, the CGI process 36 passes the 

20 directive over a local SSL connection to the child 
intermediary daemon process 40. The CGI process 36 then 
begins blocking (238) on the local connection until a valid 
response is received from the child intermediary daemon 
process 40. This child intermediary daemon process 

25 meanwhile receives the directive and forwards it to the 
parent agent daemon process 44 (240) associated with the 
target system to be serviced 14. 

Meanwhile, as indicated at the end of Fig. 3, the 
parent agent daemon process 44 has been blocking over the 

30 SSL with the Intermediary 16 while waiting to receive 
directives (114, 242) . The Agent 18 is capable of handling 
plural directives simultaneously because it spawns a 
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respective child agent daemon process 46 for controlling 
each directive to be executed on a respective target system 
14 (244 ) . The same child agent daemon process 46 blocks 
until results from the executed directive are received from 
5 the respective target system 14 (246) . All responses from 
executed directives are returned to the Intermediary 16 over 
the same SSL connection via communication from the child 
agent daemon process 4 6 to the parent agent daemon process 
44 to the child intermediary daemon process 44 (246) . 

10 The intermediary CGI process 36, which had been 

blocking, receives the response from the parent agent daemon 
process 44 via the child intermediary daemon process 40 
(248) and sends it via standard HTTP to the Manager web 
browser 32 (250) for display at the user's computer 12 

15 (252) . The same CGI process 36 continues to 

block/receive/send, waiting for further results from the 
executed directive previously conveyed to the Agent 18 
(254) . Once the child agent daemon process 46 determines 
that the directive has been executed by the target system 14 

20 and all responses from this directive have been passed back 
to the Intermediary 16, the child agent daemon process 46 
exits (256) . Meanwhile, the parent agent daemon process 44 
continues to block (242) while waiting to receive further 
directives which would again cause the parent agent daemon 

25 process 44 to spawn further child agent daemon processes 46. 

In the Intermediary 16, the child intermediary daemon 
process 40 and the CGI process 36 continue to block pending 
receipt of further results from the previously transferred 
directive (258) . Once the child intermediary daemon process 

30 40 and the CGI process 36 transfer the last results from the 
executed directive to the Manager browser 32, the CGI 
process exits while the child intermediary daemon process 
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continues blocking pending receipt of a new directive to be 
conveyed to the respective parent agent daemon process 44 
(260) . 

In the browser 32 of the Manager 12, the data from the 
5 Intermediary 16 is received and displayed to the user (262) . 
The user then has the option of submitting one or more 
subsequent directives to the Intermediary for execution by 
the selected Agent (234) . 

As noted, the term "directive" can be interpreted as a 
10 single command, a string of diagnostic commands, or a 
command to replace an existing set of executable code with a 
new set. Other interpretations are also possible. 
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CLAIMS 

1. A remote access system for a secure computer network, 
comprising : 

an agent operative in conjunction with said secure 
computer network; 

an intermediary operative in conjunction with a network 
entity distinct from said secure computer network; and 

a manager for defining a directive to be executed by 
said agent, wherein 

said manager and said intermediary are capable of 
establishing secure communications therebetween, 

said intermediary and said agent are capable of 
establishing secure communications therebetween, and 

said manager is operative to convey said directive to 
be executed to said intermediary and said agent is operative 
to receive said directive to be executed from said 
intermediary prior to executing said directive. 

2. The system of claim 1, wherein said agent is operative 
to execute said directive and to return results of said 
executed directive to said intermediary. 

3. The system of claim 2, wherein said intermediary is 
operative to forward said results of said executed directive 
to said manager subsequent to said return of said results to 
said intermediary by said agent. 

4. The system of claim 1, wherein said agent is operative 
to block pending receipt of said directive to be executed 
from manager via said intermediary. 
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5. The system of claim 1, wherein said agent and said 
intermediary are capable of authenticating each other prior 
to establishing said secure communications therebetween. 

5 6 . The system of claim 1, wherein said manager and said 
intermediary are capable of authenticating each other prior 
to establishing said secure communications therebetween. 

7. The system of claim 6, wherein said agent is capable of 
10 providing a password to said intermediary for subsequent 

comparison by said intermediary with a password provided by 
said manager. 

8. The system of claim 6, wherein said agent is capable of 
15 providing said intermediary with a identifying data, said 

intermediary capable of providing said identifying data to 
said manager, and said manager capable of authenticating 
said intermediary based upon said identifying data. 

20 9. The system of claim 1, wherein said manager is a web 
browser and said intermediary is a web server. 

10. The system of claim 1, further comprising a first data 
pathway between said agent and said intermediary and a 

25 second data pathway between said intermediary and said 
agent, wherein at least one of said first and second data 
pathways is comprised of the Internet. 

11. A method of remotely servicing a secure computer 
30 system, comprising: 
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conveying a directive to be executed from a manager to 
an intermediary distinct from said secure computer system 
over a first secure communications pathway; 

receiving, by an agent of said secure computer system, 
5 said directive to be executed from said intermediary over a 
second secure communications pathway; and 

executing, by said agent, said directive to executed. 

12. The method of claim 11, further comprising establishing 
10 said first secure communications pathway by said agent 
conveying intermediary-identifying data to said 
intermediary, and said intermediary conveying intermediary- 
identifying data to said manager. 

15 13. The method of claim 11, further comprising establishing 
said first secure communications pathway by said manager 
conveying manager-identifying data to said intermediary. 

14. The method of claim 11, further comprising establishing 
20 said second secure communications pathway by said agent 

conveying agent-identifying data to said intermediary. 

15. The method of claim 11, further comprising establishing 
said second secure communications pathway by said 

25 intermediary conveying intermediary-identifying data to said 
agent . 

16. The method of claim 11, wherein said establishment of 
said first secure communications pathway between said 

30 manager and said intermediary comprises using a web browser 
as said manager and accessing a web server as said 
intermediary . 
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17. The method of claim 11, further comprising: 
returning, by said agent, results of an executed 

directive to said intermediary; and 
5 returning, by said intermediary, said executed 

directive results to said manager. 

18. A remote servicing system intermediary for a secure 
computer system, comprising: 

10 a web server communicable, over a first secure 

communications link, with a manager running on a management 
computer system and, over a second secure communications 
link, with an agent running on said secure computer system, 
said web server capable of spawning a first sub-process 

15 for receiving, over said first secure communications link, a 
directive to be executed by said secure computer system, and 
said web server capable of spawning a second sub- 
process for transmitting, over said second secure 
communications link, said directive to be executed by said 

20 secure computer system. 

19. The intermediary of claim 18, further comprising memory 
for storing a password received from said secure computer 
system for use in validating said manager. 

25 

20. The intermediary of claim 18, wherein said intermediary 
is operative to block pending receipt of said directive to 
be executed from said manager. 

30 21. The intermediary of claim 18, further comprising a 
digital certificate to be conveyed to said agent and to said 
manager for authenticating said intermediary. 
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22. The intermediary of claim 18, further comprising an 
access database for defining which secure computer systems 
communicable with said intermediary said manager may define 
directives for. 

23. The intermediary of claim 18, wherein said intermediary 
is operative to receive results of said executed directive 
from said secure computer system over said second secure 
communications link and is further operative to convey said 
results to said manager over said first secure 
communications link. 

24. A method of operating an intermediary for the remote 
servicing of a secure computer system, comprising: 

providing a first digital certificate to an agent 
running on said secure computer system in response to a 
request from said agent for the purpose of authenticating 
said intermediary to said agent; 

storing identifying information received from said 
agent ; 

providing a second digital certificate to a manager in 
response to a request from said manager for the purpose of 
authenticating said intermediary to said manager; 

receiving said identifying information from said 
manager for the purpose of authenticating said manager to 
said intermediary; 

receiving, from said manager, a directive to be 
executed by said agent; and 

forwarding said directive to said agent for execution. 

25. The method of claim 24, further comprising: 
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receiving results of said executed directive from said 
agent; and 

forwarding said results to said manager. 

5 26. The method of claim 24, further comprising: 

storing a list of secure computer systems communicable 
with said intermediary and for which said manager may define 
directives to be executed. 

10 27. The method of claim 24, further comprising: 

establishing a first secure communications pathway 
between said intermediary and said agent in response to said 
agent authenticating said intermediary based upon said 
provision of said first digital certificate from said 

15 intermediary to said agent. 

28. The method of claim 24, further comprising: 

establishing a second secure communications pathway 
between said intermediary and said manager in response to 
2 0 said manager authenticating said intermediary based upon 
said provision of said second digital certificate from said 
intermediary to said manager and in response said receipt of 
said identifying information from said manager by said 
intermediary. 

25 



ATTORNEY DOCKET NO. MCL-001XX 
WEINGARTEN, SCHURGIN, 
GAGNEBIN & HAYES, LLP 
TEL. (617) 542-2290 
FAX. {617) 451-0313 



-23- 



ABSTRACT OF THE DISCLOSURE 
The remote servicing of a secure computer system 
employs an intermediate network entity accessible to both a 
remote service provider and to an agent running on the 
5 secure computer system to be serviced. A service provider's 
computer runs a manager software module, while the system 
being serviced, or an agent on its behalf, runs an agent 
software module. An intermediary software module runs on 
the intermediate network entity. The mutually accessible 

10 intermediate network entity may be located outside firewalls 
protecting the system to be serviced or inside such 
firewalls though with the firewalls configured to allow 
selected access. Access to the intermediate network entity 
is limited by secure access protocols. After 

15 authentication, the manager submits to the intermediary one 
or more directives to be executed by the agent. The 
intermediary then sends the directives to the agent over a 
secure connection to the agent. The agent then executes the 
directive (s) upon receipt and sends the response to the 

20 intermediary via the secure connection. The manager is then 
capable of accessing the results via the intermediary. 

223159 
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Manager 



2/5 

Intermediary 



100. 



Agent 



Agent is manually or 
automatically started up on 
the system being managed 



102^ 



Agent prompts the administrator 
for its site specific password, or 
optionally retrieves it from a 
protected configuration file 



104. 



106. 



Web server responds to the 
Agent by returning its 
Digital Certificate 



108. 



Agent connects to the 
Intermediary 



Agent receives the 
Intermediary's Digital 
Certificate and authenticates 
the Intermediary 



. f/ ^ Agent passes the site specific password 
* to the Intermediary and establishes a valid 



connection. 



0a- 



Web server spawns a CGI process 
which records in a protected database 
the site specific password and 
timestamp for the Agent 



The Intermediary daemon process 
now blocks on the valid connection 
until a directive and/or a response 
is received. 



Agent now blocks on the valid connection 
until a directive is received. 
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FIG. 3 



Manager 



3/5" 

Intermediary 



Agent 



200^ 



Browser session initiated 
by the user 



202 v^- User enters the URL of the 
Intermediary login page 



204 > 



208 > 



Browser sends a connect request 
to the intermediary Web server 



Browser receives the 
Intermediary's Digital 
Certificate and authenticates 
the Intermediary 



Web server responds to the 
Browser by returning its 
Digital Certificate 
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210^ 



214^ 
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Browser requests the login 
page from the Intermediary 



User enters in their account name 
and password which the browser 
uploads to the Intermediary 



User receives authorization 
confirmation 



Web server returns the login page 



/ 
v 



Web server spawns a CGI 
process which receives the 
account information and 
authorizes the user to connect 
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220 User enters the URL 

requesting a list of Agents 



Web server spawns a CGI 
process which scans the 
database for the list of active 
Agents to which the User is 

authorized access and 
returns the list to the browser 



(To Fig.tfb) 
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FIG 'A a 



Manager 



M5 

Intermediary 
/(From Fig.Va) 



The Browser displays the list of 
224 active Agents, and the User 
selects the one they choose 
to manage 



Agent 
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230^ 



234 ^ 



236^ 



The Browser uploads this 
request to the intermediary 



The User enters the site specific 
password and the Browser 
uploads it to the Intermediary 



The User sees the 
authorization confirmation, 
and enters a directive he 
wants the Agent to execute 



The Browser uploads the 
request to the Intermediary 



Web server spawns a CGI 
process which prompts for the 
site specific password which 

was supplied by the Agent 



.228 



Web server spawns a CGI 
process which authorizes 
that the User is allowed 
to manage the Agent 



,232 



The directive is received by the 
Intermediary which spawns a CGI process. 
This process then passes the directive 
through a continuous connection to the 
child Intermediary daemon process. The 
CGI process will now block until a valid 
response is received from the child 
Intermediary daemon process. 



The child Intermediary daemon process 
accepts the directive from the CGI process 
and passes it along to the target Agent 
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FIG.^b 
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Manager 



Intermediary . 



2W 



Agent 



The Agent continues to block/ 
receive/send over the SSL connection 
from the child Intermediary process 
for additional directives. 



The Agent accepts a directive from 
the Intermediary then spawns a child 
Agent daemon process which will 
control the directive execution. 
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The child Agent daemon process receives 
output from the directive, and sends it to 
the child Intermediary daemon process. 



The child Intermediary daemon process 
receives the response from the target 
Agent and passes it along to the 
Intermediary CGI process. 



The CGI process which was blocking 
receives the response from the child 
Intermediary daemon process and return: 
it to the Browser. 



■ jhe Browser receives the data from the 
Intermediary and displays it. 
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The CGI process continues to block/ 
^ receive for resnonses from the chilri 



254 



lhe CGI process continues to block, 
> receive for responses from the child 
Intermediary daemon process. 
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2<tf>~ 



The Intermediary continues to block/ 
receive/send responses from the Agent 
to the CGI process. 



A 



The sub-process recognizes that the 
directive has completed and sends the 
final results to the Intermediary, then 
exits. 



The CGI process determines that the 
directive has been completed, then sends 
the remaining response from the Agent 
via the child Intermediary daemon 
process to the Browser, then exits. 



The Browser receives the data 
from the Intermediary and display it 
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jz Boston, Massachusetts 02109 

J Telephone: (617) 542-2290 

I, Telecopier: (617) 451-0313 

i\hereby declare that all statements made herein of my own knowledge are true and that 
111 statements made on information and belief are believed to be true; and further 
tHat these statements were made with the knowledge that willful false statements and 
trie like so made are punishable by fine or imprisonment, or both, under Section 1001 
&£ Title 18 of the United States Code and that such willful false statements may 
jeopardize the validity of the application or any patent issued thereon. 



Full Name of Sole Inventor: 
Brian Stevens 


City of Residence 
New Boston 


State or Country 
New Hampshire 


Country of Citizenship 
United States 


Post Office Address 
165 Mont Vernon Road 


City 

New Boston 


State or Country Zip Code 
New Hampshire 03070 


Signature: (Please sign a 


nd date in permanent ink.) 


Date signed: 

x 6/7 J oo 



213554 



Eugene A. Feher, Reg. No. 33,171 
Beverly E. Hjorth, Reg. No. 32,033 
Holliday C. Heine, Reg. No. 34,346 
Gordon R. Moriarty, Reg. No. 38,973 



